Welcome to my blog, For more information about me, visit my website at http://www.kush.com.fj. This blog is mostly just to keep a track of my ramblings and thoughts, game reviews, and crazy hair-brained ideas, so don't expect to find any profound life altering body of knowledge here...

5/07/2012

I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux based server. It was mainly just archiving some files around and updating packages and configurations. However, as part of the maintenance I took the opportunity to put in some simple technical security controls in place and documented some of them here for my reference.

MySQL DatabaseThere was a MySQL server running that was only needed for the local host, but a "netstat -ltn" indicated that it was not bound to any specific IP, i.e. listening on 0.0.0.0, so I bound it to the localhost IP of 127.0.0.1 by editing the /etc/my.cnf file using the entry bind-address=127.0.0.1

vi /etc/my.cnf
bind-address=127.0.0.1

RKHunter Rootkit Anti-malware
I installed the new version of rkhunter and modified the configuration file to suit.

IPTables Firewall
Strangely enough there was no firewall configured on the host, so I quickly knocked up an script and saved it. Here's a snippet of the script that simply resets the rules, sets the default policies to drop and allows all local communications. There are additional parts that allow specific traffic through, but I have not put this up here to obscure the services and IP addresses being used.

ClamAV Anti-virusClamAV is an open source anti-virus software for Linux. I installed this using the yum package manager and configured the AV to scan daily, and used freshclam to ensure that the virus definitions are updated hourly.

Fail2Ban Intrusion Prevention
fail2ban is an interesting intrusion prevention system that parses system logs to dynamically update firewall rules to stop potential intrusion attempts. It supports several other mechanism, but I was only interested in the firewall and SSH access

Legal notices
The client wanted some legal notices and disclaimers on the host for various reasons, one of them being to notify employees that their usage was being monitored. I stuck the disclaimer from their legal department (it looked pretty generic though) into /etc/issue and created a link from /etc/issue.net to it.